Follow by Email

Sunday, July 6, 2014

Opensource File Encryption Tool For Protecting You From NSA

It’s the age of surveillance what made the Use of Encryption
so widely that it has become a need of law enforcement agencies, cyber
criminals as well as every individual. But, encryption is not so easy.

To solve this problem, a 23-year old Cryptocat developer
Nadim Kobeissi is ready to release a simple solution to deliver strong
encryption at the HOPE hacker conference in New York later this month,
which may soon come as an extension for Google Chrome web browser, Wired
reported.

The encryption program is dubbed as miniLock, which is a free and
open-source browser plugin designed to let anyone encrypt and decrypt
files in seconds using a drag-and-drop interface with practically
unbreakable cryptographic protection.

“The tagline is that this is file encryption that does more with less,” says Kobeissi, activist and security consultant. “It’s super simple, approachable, and it’s almost impossible to be confused using it.”

Drag-and-drop interface here means, miniLock offers an
area where files can be dropped into the program for encryption and
encrypts the data in such a manner that leaving recipient, nobody—not
even law enforcement units or government intelligence agencies—could
able to decrypt and read it.

The encryption program miniLock can be used to work with all type of
files, from multimedia to documents and even items stored on a USB drive
and encrypts files for secure storage on Dropbox or Google Drive.

miniLock encryption program relies on asymmetric encryption,
just like PGP (Pretty Good Privacy), which requires two separate
cryptographic keys, public key and private key, for encrypting and
decrypting the information. Users share the public key with the one who
wants to send them files securely, while the private key is always with
the user protected and concealed.

But, in case of miniLock, user needs to enter a passphrase—a strong one
with as many as 30 characters or a lot of symbols and numbers—from which
the program will derive a public key, called a miniLock ID, and a
private key, which is never been seen by the user and gets vanished when
the program get closed. Both generated keys are same every time the
user enters the passphrase.

This trick of generating the same keys again and again in every session,
makes the application usable on any computer without getting worry
about the safety of storing the sensitive private key.

Additionally, the automatic generation and management of the public and
private keys are exactly what makes the miniLock program easy to use
even by an average user who always looks for a simple as well as secure
solution to protect their information when sending it over the web.

“No logins, and no private keys to manage. Both are eliminated. That’s what’s special,” says Kobeissi. “Users
can have their identity for sending and receiving files on any computer
that has miniLock installed, without needing to have an account like a
web service does, and without needing to manage key files like PGP.”

This is why, the type of protection the program is providing cannot be descrambled even by law enforcement and government intelligence agencies, which makes it one of the most secure kinds of encryption program.

Because miniLock uses an elliptic curve cryptography flavour of
encryption, MiniLock IDs are 44 characters long, while PGP’s public keys
often reach almost a page with random text. This small size of keys
makes the sharing possible through different communication channels such
as a Twitter post or even a phone SMS message.

The full technical explanation of miniLock’s elliptic curve will be presented by Kobeissi at the HOPE conference
in New York, starting July 18. He will present a beta version of the
miniLock program at the New York conference, as the encryption program
he proposes is currently in its experimental stage of development.

miniLock as an extension for Google Chrome
web browser won't initially be released, instead the code will be soon
available for review on GitHub, so that the flaws and loopholes are
eliminated before the release of the tool in Chrome Web Store.